About

News

Amazon Linux AMI : puppet (ALAS-2013-219)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x
before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x
before 3.0.1, allows remote attackers to execute arbitrary Ruby
programs from the master via the resource_type service. NOTE: this
vulnerability can only be exploited utilizing unspecified 'local file
system access' to the Puppet Master.

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and
3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x
before 3.0.1, installs modules with weak permissions if those
permissions were used when the modules were originally built, which
might allow local users to read or modify those modules depending on
the original permissions.

Training & Certification

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.